Revert "Merge patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet""

When bringing in the series 'arm: dts: am62-beagleplay: Fix Beagleplay
Ethernet"' I failed to notice that b4 noticed it was based on next and
so took that as the base commit and merged that part of next to master.

This reverts commit c8ffd1356d42223cbb8c86280a083cc3c93e6426, reversing
changes made to 2ee6f3a5f7550de3599faef9704e166e5dcace35.

Reported-by: Jonas Karlman <jonas@kwiboo.se>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: Remove <common.h> and add needed includes

Remove <common.h> from all "commmon/" files and when needed add
missing include files directly.

Signed-off-by: Tom Rini <trini@konsulko.com>

cmd: md5sum: use hash_command

Drop old implementation and use hash_command() instead, as
how it's currently done for crc32 and sha1sum cmds.

Test:
=> md5sum 0x60000000 0x200
md5 for 60000000 ... 600001ff ==> e6bbbe95f5b41996f4a9b9af7bbd4050

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>

common: hash: Remove unused NEEDS_MANUAL_RELOC code bits

The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>

crc32: Drop duplicates crc header includes

Fixes: 3db711085752 ("crc32: Use the crc.h header for crc functions")
Signed-off-by: Ilya Lukin <4.shket@gmail.com>

hash: fix a memory leak

memalign() returns a pointer which is to be freed by free(). To call
unmap_sysmem() is incorrect, furthermore it was called in a wrong scope.

Also add a check for allocation error.

Fixes: d7af2baa49c6 ("crypto/fsl: Fix HW accelerated hash commands")
Cc: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

Fix hash verification

Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>

includes: move openssl headers to include/u-boot

commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: zero end the string instead of the pointer

if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
str_ptr = '\0';
^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

hash.c: Correct non-hash subcommand crc32 addr-save support

In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command(). However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3. The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

hash: Add a way to calculate a hash for any algortihm

Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add sha h/w acceleration to hash

Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Use lower case for hash algorithm names

Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>

sandbox: Allow hash functions to work correctly

Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>

Roll crc32 into hash infrastructure

Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Add a flag to support saving hashes in the environment

Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add generic hash API

We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Remove <common.h> and add needed includes

Remove <common.h> from all "commmon/" files and when needed add
missing include files directly.

Signed-off-by: Tom Rini <trini@konsulko.com>

cmd: md5sum: use hash_command

Drop old implementation and use hash_command() instead, as
how it's currently done for crc32 and sha1sum cmds.

Test:
=> md5sum 0x60000000 0x200
md5 for 60000000 ... 600001ff ==> e6bbbe95f5b41996f4a9b9af7bbd4050

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>

common: hash: Remove unused NEEDS_MANUAL_RELOC code bits

The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>

crc32: Drop duplicates crc header includes

Fixes: 3db711085752 ("crc32: Use the crc.h header for crc functions")
Signed-off-by: Ilya Lukin <4.shket@gmail.com>

hash: fix a memory leak

memalign() returns a pointer which is to be freed by free(). To call
unmap_sysmem() is incorrect, furthermore it was called in a wrong scope.

Also add a check for allocation error.

Fixes: d7af2baa49c6 ("crypto/fsl: Fix HW accelerated hash commands")
Cc: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

Fix hash verification

Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>

includes: move openssl headers to include/u-boot

commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: zero end the string instead of the pointer

if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
str_ptr = '\0';
^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

hash.c: Correct non-hash subcommand crc32 addr-save support

In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command(). However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3. The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

hash: Add a way to calculate a hash for any algortihm

Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add sha h/w acceleration to hash

Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Use lower case for hash algorithm names

Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>

sandbox: Allow hash functions to work correctly

Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>

Roll crc32 into hash infrastructure

Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Add a flag to support saving hashes in the environment

Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add generic hash API

We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>

cmd: md5sum: use hash_command

Drop old implementation and use hash_command() instead, as
how it's currently done for crc32 and sha1sum cmds.

Test:
=> md5sum 0x60000000 0x200
md5 for 60000000 ... 600001ff ==> e6bbbe95f5b41996f4a9b9af7bbd4050

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>

common: hash: Remove unused NEEDS_MANUAL_RELOC code bits

The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>

crc32: Drop duplicates crc header includes

Fixes: 3db711085752 ("crc32: Use the crc.h header for crc functions")
Signed-off-by: Ilya Lukin <4.shket@gmail.com>

hash: fix a memory leak

memalign() returns a pointer which is to be freed by free(). To call
unmap_sysmem() is incorrect, furthermore it was called in a wrong scope.

Also add a check for allocation error.

Fixes: d7af2baa49c6 ("crypto/fsl: Fix HW accelerated hash commands")
Cc: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

Fix hash verification

Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>

includes: move openssl headers to include/u-boot

commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: zero end the string instead of the pointer

if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
str_ptr = '\0';
^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

hash.c: Correct non-hash subcommand crc32 addr-save support

In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command(). However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3. The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

hash: Add a way to calculate a hash for any algortihm

Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add sha h/w acceleration to hash

Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Use lower case for hash algorithm names

Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>

sandbox: Allow hash functions to work correctly

Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>

Roll crc32 into hash infrastructure

Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Add a flag to support saving hashes in the environment

Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add generic hash API

We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: Remove unused NEEDS_MANUAL_RELOC code bits

The last user of the NEEDS_MANUAL_RELOC has been removed in commit
26af162ac8f8 ("arch: m68k: Implement relocation")
Remove now unused NEEDS_MANUAL_RELOC code.

Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org>

crc32: Drop duplicates crc header includes

Fixes: 3db711085752 ("crc32: Use the crc.h header for crc functions")
Signed-off-by: Ilya Lukin <4.shket@gmail.com>

hash: fix a memory leak

memalign() returns a pointer which is to be freed by free(). To call
unmap_sysmem() is incorrect, furthermore it was called in a wrong scope.

Also add a check for allocation error.

Fixes: d7af2baa49c6 ("crypto/fsl: Fix HW accelerated hash commands")
Cc: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

Fix hash verification

Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>

includes: move openssl headers to include/u-boot

commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: zero end the string instead of the pointer

if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
str_ptr = '\0';
^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

hash.c: Correct non-hash subcommand crc32 addr-save support

In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command(). However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3. The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

hash: Add a way to calculate a hash for any algortihm

Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add sha h/w acceleration to hash

Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Use lower case for hash algorithm names

Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>

sandbox: Allow hash functions to work correctly

Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>

Roll crc32 into hash infrastructure

Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Add a flag to support saving hashes in the environment

Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add generic hash API

We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: fix a memory leak

memalign() returns a pointer which is to be freed by free(). To call
unmap_sysmem() is incorrect, furthermore it was called in a wrong scope.

Also add a check for allocation error.

Fixes: d7af2baa49c6 ("crypto/fsl: Fix HW accelerated hash commands")
Cc: Breno Lima <breno.lima@nxp.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

Use hash.c in mkimage

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Add function to find hash_algo struct with progressive hash

The hash_algo structure has some implementations in which progressive hash
API's are not defined. These are basically the hardware based implementations
of SHA. An API is added to find the algo which has progressive hash API's
defined. This can then be integrated with RSA checksum library which uses
Progressive Hash API's.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>

Fix hash verification

Fix issue in parse_verify_sum() which swaps handling of env-var and *address.
Move hash_command() argc check earlier.
Cosmetic change on do_hash() variable declaration.
Improved help message for "hash" command.

Signed-off-by: Nikolay Dimitrov <picmaster@mail.bg>
Reviewed-by: Simon Glass <sjg@chromium.org>

includes: move openssl headers to include/u-boot

commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Use uint8_t in preference to u8

This type is more readily available on the host compiler, so use it instead.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: hash: zero end the string instead of the pointer

if algo->digest_size is zero nothing is set in the str_output
buffer. An attempt is made to zero end the buffer, but the
pointer to the buffer is set to zero instead. I am unaware if
it causes any actual problems, but solves the following warning:

common/hash.c:217:13: warning: expression which evaluates to zero treated as
a null pointer constant of type 'char *' [-Wnon-literal-null-conversion]
str_ptr = '\0';
^~~~

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>

hash: Export the function to show a hash

This function is useful for displaying a hash value, so export it.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add progressive hash API

Add hash_init(), hash_update() and hash_finish() to the
hash_algo struct. Add hash_lookup_algo() to look up the
struct given an algorithm name.

Signed-off-by: Hung-ying Tyan <tyanh@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>

hash.c: Correct non-hash subcommand crc32 addr-save support

In the case of not having CONFIG_CMD_HASH but having CONFIG_CMD_CRC32
enabled (and not CONFIG_CRC32_VERIFY), we end up in this part of the
code path on hash_command(). However, we will only have exactly 3 args
here, and 3 > 3 is false, and we will not try and store the hash at the
address given as arg #3. The next problem however is that we've been
moving argv around so the third value is now in argv[0] not argv[3].

Confirmed on AM335x Beaglebone White.

Signed-off-by: Tom Rini <trini@ti.com>

Add GPL-2.0+ SPDX-License-Identifier to source files

Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>

hash: Add a way to calculate a hash for any algortihm

Rather than needing to call one of many hashing algorithms in U-Boot,
provide a function hash_block() which handles this, and can support all
available hash algorithms.

Once we have md5 supported within hashing, we can use this function in
the FIT image code.

Signed-off-by: Simon Glass <sjg@chromium.org>

gen: Add sha h/w acceleration to hash

Adding H/W acceleration support to hash which can be used
to test SHA 256 hash algorithm.

Signed-off-by: ARUN MANKUZHI <arun.m@samsung.com>
Signed-off-by: Akshay Saraswat <akshay.s@samsung.com>
Acked-by: Simon Glass <sjg@chromium.org>

hash: Use lower case for hash algorithm names

Rather than use strcasecmp() in the hash algorithm search, require the
caller to do this first. Most of U-Boot can use lower case anyway, and
the hash command can convert to lower case before calling hash_command().
This saves needing strcasecmp() for boards that use hashing but not
the hash command.

Signed-off-by: Simon Glass <sjg@chromium.org>

sandbox: Allow hash functions to work correctly

Use map_sysmem() so that hashing is possible on sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>

Roll crc32 into hash infrastructure

Add the CRC32 algorithm to the list of available hashes, and make
the crc32 command use hash_command(). Add a new crc32_wd_buf() to
make this possible, which puts its result in a buffer rather than
returning it as a 32-bit value.

Note: For some boards the hash command is not enabled, neither
are sha1, sha256 or the verify option. In this case the full
hash implementation adds about 500 bytes of overhead. So as a
special case, we use #ifdef to select very simple bahaviour in
that case. The justification for this is that it is currently
a very common case (virtually all boards enable crc32 but only
some enable more advanced features).

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Add a flag to support saving hashes in the environment

Some hashing commands permit saving the hash in an environment variable,
and verifying a hash from there. But the crc32 command does not support
this. In order to permit crc32 to use the generic hashing infrastructure,
add a flag to select which behaviour to use.

Signed-off-by: Simon Glass <sjg@chromium.org>

Add generic hash API

We have a SHA1 command and want to add a SHA256 command also. Instead of
duplicating the code, create a generic hash API which can process
commands for different algorithms.

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_SHA1SUM

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_SHA1SUM defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

Correct SPL use of CMD_HASH

This converts 1 usage of this option to the non-SPL form, since there is
no SPL_CMD_HASH defined in Kconfig

Signed-off-by: Simon Glass <sjg@chromium.org>

doc: replace @return by Return:

Sphinx expects Return: and not @return to indicate a return value.

find . -name '*.c' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

find . -name '*.h' -exec \
sed -i 's/^\(\s\)\*\(\s*\)@return\(\s\)/\1*\2Return:\3/' {} \;

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

image: Use the correct checks for CRC32

Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32)
directly in the host build, so drop the unnecessary indirection.

Add a few more conditions to SPL_CRC32 to avoid build failures as well as
TPL_CRC32. Also update hash.c to make crc32 optional and to actually take
notice of SPL_CRC32.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Drop some #ifdefs in hash.c

We can use the __maybe_unused attribute to avoid some of the #ifdefs in
this file. Update the functions accordingly.

Note: The actual hashing interface is still a mess, with four separate
combinations and lots of #ifdefs. This should really use a driver
approach, e.g. as is done with partition drivers.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

WS cleanup: remove SPACE(s) followed by TAB

Signed-off-by: Wolfgang Denk <wd@denx.de>

common: Move MD5 hash to hash_algo[] array.

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check]
Signed-off-by: Tom Rini <trini@konsulko.com>

global: Convert simple_strtoul() with hex to hextoul()

It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Ensure verification hex pairs are terminated

This function seems to assume that the chr[] variable contains zeros at
the start, which is not always true. Use strlcpy() to be safe.

Signed-off-by: Simon Glass <sjg@chromium.org>

hash: Kconfig option for SHA512 hardware acceleration

Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>

common: Drop asm/global_data.h from common header

Move this out of the common header and include it only where needed. In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly. Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>

common: Drop log.h from common header

Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

command: Remove the cmd_tbl_t typedef

We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop image.h from common header

Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>

common: Drop net.h from common header

Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>

crc32: Use the crc.h header for crc functions

Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

common: hash: Manually relocate struct hash_algo

This patch adds manual relocation for struct hash_algo if
CONFIG_NEEDS_MANUAL_RELOC is enabled.

Signed-off-by: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

env: Move env_set() to env.h

Move env_set() over to the new header file.

Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Signed-off-by: Simon Glass <sjg@chromium.org>

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>